A blog to share security, networking and cloud related technology information as @vCloudernBeer picked up on his search for his destiny in the cloud. (LinkedIn: https://www.linkedin.com/in/chowanthony)

Monday, October 13, 2014

Ingredients of OpenStack API

In VMworld 2014, VMware announced a new product VMware Integrated OpenStack.Currently this
product is still in beta and will be available in the first quarter of 2015.

OpenStack has been a popular technology for private cloud
orchestration.In this article OpenStack is
described as a modular architecture that currently has eleven components:

Each component needs to obtain an authentication token from the
Keystone module and this is accomplished by API.OpenStack APIs are used to create and manage
resource of each of these modules.If we
want to dig deeper into OpenStack, it is essential that we know more about
OpenStack APIs.

This OpenStack Wiki page
has a good description on OpenStack API.It stated that OpenStack API is the Management and Control plane for a
Cloud Infrastructure built using the various components (see above).A few things were mentioned about OpenStack
API:

it is REST-ful

JSON based

Each core project will expose one or more RESTful interface
for the purpose of interacting with the outside world.

Let’s look at some of the ingredients that make up of
OpenStack API.

RESTful HTTP API

REST stands for Representational State Transfer and it is an
architecture that generally runs over HTTP.REST can be looked at as a light weighted web services

REST APIs are used by many “well known” applications such as
PayPal, Twitter and Facebook, Google and mobile devices.The list can go on and on.

In the context of OpenStack we can see that RESTful APIs has
the following characteristics:

Stateless

Use of URI to expose resources

Noun based protocol e.g. GET, POST, DELETE etc

Besides being used by the various OpenStack components for
management and control, REST API is heavily used by the Swift component for
operations such as creation, deletion and/or retrieval of the object storage
elements.

JSON

JSON stands for JavaScript Object Notation and it is a
lightweight data-interchange format.The
official website for JSON is here. It mentioned
that JSON is built on 2 structures:

A collection of name/value pairs

An ordered list of values

Scott Lowe has a nice article on JSON
as well as links to other useful page for getting to know JSON.

WSGI stands for Web Server Gateway Interface is a specification
for simple and universal interface between web servers and web applications or
frameworks for Pythons according to Wikipedia.

OpenStack is written in Python and WSGI is a natural fit if an
OpenStack component needs to implement a web based framework to handle the
RESTful HTTP request and to provide the response.It can be looked as a “Middle-ware” for the
module.

This may not be directly related to OpenStack API, we can
find WSGI modules in the Nova and Neutron component as well as the Swift
component.

The Ceilometer components, however, used Flask instead of
the WSGI framework.

Authentication

OpenStack API is a very powerful tool.One aspect that we cannot ignore is
security.

At the very least for the RESTful HTTP based OpenStack API
can be configured to use HTTPS instead of HTTP.

RESTful HTTP API has 3 kinds of message authentication
method:

Basic HTTP

OAuth

None

I have not looked at OAuth but this is used extensively in
OpenStack.

In Keystone (OpenStack Identity Service), the identity-api is
in fact the entry point for all service API in which Keystone issue a token to
client and this token is used for any API calls to the OpenStack API end points
such as nova-api, glance-api , neutron-api … etc.